Karpenter 1.0.5 (#97)

* Karpenter Pack V1.0.1

* added global .gitignore

* PAC-1729 updated readme files (#96)

* updated readme files

* Update README.md - minor lang edits

* Update README.md - Add volume snapshot info

* Update README.md - Add back deleted line

* Update README.md - Fix logo

* Update README.md - Update snapshot info

* Update README.md - minor lang changes

---------

Co-authored-by: ”Srinivas <“[email protected]”>
Co-authored-by: Vishwanath S <[email protected]>

* feat: add hello-universe 1.2.0 pack DOC-1138 (#95)

* feat: add hello-universe 1.2.0 pack DOC-1138

This PR includes a new version of the Hello Universe pack in the Spectro Cloud community repo. It bumps the version of the Hello Universe image to 1.2.0 and the API & DB versions to 1.1.0.
Hello Universe is a demo web application that helps users learn more about Palette and its features.

* docs: adjust CPU prerequisites

* Updated Karpenter Version

* updated readme

* updated README

* updated readme

* changed bullets

* Updated bullet format

* updated list

* Reviewed Readme

* Added schema validation and notes to README

* added AMI information

---------

Co-authored-by: Srinivas DM <[email protected]>
Co-authored-by: ”Srinivas <“[email protected]”>
Co-authored-by: Vishwanath S <[email protected]>
Co-authored-by: Adelina Simion <[email protected]>

.gitignore

@@ -0,0 +1 @@
+*.tar.gz

packs/karpenter-1.0.5/README.md

@@ -0,0 +1,128 @@
+# Karpenter
+
+Karpenter is an open-source node lifecycle management project built for Kubernetes. Adding Karpenter to a Kubernetes cluster can dramatically improve the efficiency and cost of active workloads in the cluster. Karpenter automatically launches the right compute resources to handle your cluster's applications. Karpenter works by:
+
+* Watching for pods that the Kubernetes scheduler has marked as unschedulable
+* Evaluating scheduling constraints (resource requests, nodeselectors, affinities, tolerations, and topology spread constraints) requested by the pods
+* Provisioning nodes that meet the requirements of the pods
+    Disrupting the nodes when the nodes are no longer needed
+
+## Prerequisites
+
+* Minimum Kubernetes Version is 1.25
+* Pack support is for EKS only today.
+* IRSA Roles must be created and used.  Review the following section for additional guidance.
+* AWS Account Number - This is a required value in the pack for annotations of the service account
+
+### Pack Values
+
+Provide your AWS Account Number in the `awsAccountNumber` value of the pack.
+
+### AWS IAM Roles for Service Accounts (IRSA)
+
+Karpenter requires a policy to be created that can be used by the Service Account for it to function properly.  Detailed policy elements can be found [here](https://karpenter.sh/docs/getting-started/migrating-from-cas/#create-iam-roles).
+
+The policy should then be added to the EKS layer in Palette so that it can be used by the Service Acount.
+
+To do this, add the `irsaRoles` and `iamAuthenticatorConfig` sections to the Kubernetes layer (make sure to replace "AWS_ACCOUNT_NUMBER" with your AWS Account Number).  The Service Account will be created by the Karpenter Pack.
+
+```yaml
+managedControlPlane:
+    irsaRoles:
+    - name: "{{.spectro.system.cluster.name}}-karpenterControllerRole"
+        policies:
+        - arn:aws:iam::<AWS_ACCOUNT_NUMBER>:policy/karpenterControllerPolicy
+        serviceAccount:
+        name: karpenter
+        namespace: karpenter
+iamAuthenticatorConfig:
+    mapRoles:
+        - groups:
+        - system:bootstrappers
+        - system:nodes
+        rolearn: "arn:aws:iam::<AWS_ACCOUNT_NUMBER>:role/{{.spectro.system.cluster.name}}-nodeRole"
+        username: system:node:{{EC2PrivateDNSName}}
+```
+
+### Node Role
+
+Palette dynamically creates a role for the worker nodes that has the appropriale policies attached.  We need to make the name predictable so that Karpenter can attach the role to the worker nodes that it spawns.  To do this, we add a `roleName` to the EKS layer and provide the name we want like this.
+
+```yaml
+managedMachinePool:
+    roleName: "{{.spectro.system.cluster.name}}-nodeRole"
+```
+
+### Tags
+
+Karpenter uses tags in AWS to discover the resources needed to autoscale.  Palette creates several tags on resources it creates, but in most uses cases Palette is not managing the Security Groups and Subnets.  Because of this, tags should be added to those resources for Karpenter to auto discover.  The tag is then referenced in the `ec2NodeClass` Custom Resource that you create after Karpenter is installed.
+
+## Usage
+
+Make sure to checkout the [Karpenter Best Practices](https://aws.github.io/aws-eks-best-practices/karpenter/) when using Karpenter.
+
+### Node Pool
+
+```yaml
+apiVersion: karpenter.sh/v1
+kind: NodePool
+metadata:
+name: default
+spec:
+template:
+    spec:
+    requirements:
+        - key: kubernetes.io/arch
+        operator: In
+        values: ["amd64"]
+        - key: kubernetes.io/os
+        operator: In
+        values: ["linux"]
+        - key: karpenter.sh/capacity-type
+        operator: In
+        values: ["spot"]
+        - key: karpenter.k8s.aws/instance-category
+        operator: In
+        values: ["c", "m", "r"]
+        - key: karpenter.k8s.aws/instance-generation
+        operator: Gt
+        values: ["2"]
+    nodeClassRef:
+        group: karpenter.k8s.aws
+        kind: EC2NodeClass
+        name: default
+    expireAfter: 720h # 30 * 24h = 720h
+limits:
+    cpu: 1000
+disruption:
+    consolidationPolicy: WhenEmptyOrUnderutilized
+    consolidateAfter: 1m
+```
+
+### EC2 Node Class Resource
+
+```yaml
+apiVersion: karpenter.k8s.aws/v1
+kind: EC2NodeClass
+metadata:
+name: default
+spec:
+amiFamily: AL2 # Amazon Linux 2
+role: "KarpenterNodeRole-${CLUSTER_NAME}" # replace with your cluster name
+subnetSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name
+securityGroupSelectorTerms:
+    - tags:
+        karpenter.sh/discovery: "${CLUSTER_NAME}" # replace with your cluster name
+  amiSelectorTerms:
+    - alias: al2@v20241011 # example Alias for looking up images.
+```
+
+For more information on AMI selectors and how to find other AMIs, reference the [Karpenter Docs](https://karpenter.sh/docs/concepts/nodeclasses/#specamiselectorterms)
+
+## References
+
+* [Karpenter Best Practices](https://aws.github.io/aws-eks-best-practices/karpenter/)
+
+* [Karpenter Troubleshooting](https://karpenter.sh/docs/troubleshooting/)

packs/karpenter-1.0.5/charts/karpenter/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

packs/karpenter-1.0.5/charts/karpenter/Chart.lock

@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:5595919ac269b4105dd65d20eb27cb271b8976c1d10903e0b504d349df30f017
+generated: "2020-12-02T11:48:25.741819-08:00"

packs/karpenter-1.0.5/charts/karpenter/Chart.yaml

@@ -0,0 +1,35 @@
+annotations:
+  artifacthub.io/alternativeName: karpenter-provider-aws
+  artifacthub.io/crds: |
+    - kind: EC2NodeClass
+      version: v1beta1
+      name: ec2nodeclasses.karpenter.k8s.aws
+      displayName: EC2NodeClass
+      description: EC2NodeClass is the Schema for the EC2NodeClass API.
+    - kind: NodeClaim
+      version: v1beta1
+      name: nodeclaims.karpenter.sh
+      displayName: NodeClaim
+      description: NodeClaim is the Schema for the NodeClaims API.
+    - kind: NodePool
+      version: v1beta1
+      name: nodepools.karpenter.sh
+      displayName: NodePool
+      description: NodePool is the Schema for the NodePools API.
+apiVersion: v2
+appVersion: 1.0.5
+description: A Helm chart for Karpenter, an open-source node provisioning project
+  built for Kubernetes.
+home: https://karpenter.sh/
+icon: https://repository-images.githubusercontent.com/278480393/dab059c8-caa1-4b55-aaa7-3d30e47a5616
+keywords:
+- cluster
+- node
+- scheduler
+- autoscaling
+- lifecycle
+name: karpenter
+sources:
+- https://github.com/aws/karpenter-provider-aws/
+type: application
+version: 1.0.5

packs/karpenter-1.0.5/charts/karpenter/README.md

@@ -0,0 +1,109 @@
+# karpenter
+
+A Helm chart for Karpenter, an open-source node provisioning project built for Kubernetes.
+
+![Version: 0.37.0](https://img.shields.io/badge/Version-0.37.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.37.0](https://img.shields.io/badge/AppVersion-0.37.0-informational?style=flat-square)
+
+## Documentation
+
+For full Karpenter documentation please checkout [https://karpenter.sh](https://karpenter.sh/docs/).
+
+## Installing the Chart
+
+You can follow the detailed installation instruction in the [documentation](https://karpenter.sh/docs/getting-started/getting-started-with-karpenter) which covers the Karpenter prerequisites and installation options. The outcome of these instructions should result in something like the following command.
+
+```bash
+helm upgrade --install --namespace karpenter --create-namespace \
+  karpenter oci://public.ecr.aws/karpenter/karpenter \
+  --version 0.37.0 \
+  --set "serviceAccount.annotations.eks\.amazonaws\.com/role-arn=${KARPENTER_IAM_ROLE_ARN}" \
+  --set settings.clusterName=${CLUSTER_NAME} \
+  --set settings.interruptionQueue=${CLUSTER_NAME} \
+  --wait
+```
+
+### Verification
+
+As the OCI Helm chart is signed by [Cosign](https://github.com/sigstore/cosign) as part of the release process you can verify the chart before installing it by running the following command.
+
+```shell
+cosign verify public.ecr.aws/karpenter/karpenter:0.37.0 \
+  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
+  --certificate-identity-regexp='https://github\.com/aws/karpenter-provider-aws/\.github/workflows/release\.yaml@.+' \
+  --certificate-github-workflow-repository=aws/karpenter-provider-aws \
+  --certificate-github-workflow-name=Release \
+  --certificate-github-workflow-ref=refs/tags/v0.37.0 \
+  --annotations version=0.37.0
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| additionalAnnotations | object | `{}` | Additional annotations to add into metadata. |
+| additionalClusterRoleRules | list | `[]` | Specifies additional rules for the core ClusterRole. |
+| additionalLabels | object | `{}` | Additional labels to add into metadata. |
+| affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"karpenter.sh/nodepool","operator":"DoesNotExist"}]}]}},"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity rules for scheduling the pod. If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. |
+| controller.env | list | `[]` | Additional environment variables for the controller pod. |
+| controller.envFrom | list | `[]` |  |
+| controller.extraVolumeMounts | list | `[]` | Additional volumeMounts for the controller pod. |
+| controller.healthProbe.port | int | `8081` | The container port to use for http health probe. |
+| controller.image.digest | string | `"sha256:157f478f5db1fe999f5e2d27badcc742bf51cc470508b3cebe78224d0947674f"` | SHA256 digest of the controller image. |
+| controller.image.repository | string | `"public.ecr.aws/karpenter/controller"` | Repository path to the controller image. |
+| controller.image.tag | string | `"0.37.0"` | Tag of the controller image. |
+| controller.metrics.port | int | `8080` | The container port to use for metrics. |
+| controller.resources | object | `{}` | Resources for the controller pod. |
+| controller.sidecarContainer | list | `[]` | Additional sidecarContainer config |
+| controller.sidecarVolumeMounts | list | `[]` | Additional volumeMounts for the sidecar - this will be added to the volume mounts on top of extraVolumeMounts |
+| dnsConfig | object | `{}` | Configure DNS Config for the pod |
+| dnsPolicy | string | `"ClusterFirst"` | Configure the DNS Policy for the pod |
+| extraVolumes | list | `[]` | Additional volumes for the pod. |
+| fullnameOverride | string | `""` | Overrides the chart's computed fullname. |
+| hostNetwork | bool | `false` | Bind the pod to the host network. This is required when using a custom CNI. |
+| imagePullPolicy | string | `"IfNotPresent"` | Image pull policy for Docker images. |
+| imagePullSecrets | list | `[]` | Image pull secrets for Docker images. |
+| logErrorOutputPaths | list | `["stderr"]` | Log errorOutputPaths - defaults to stderr only |
+| logLevel | string | `"info"` | Global log level, defaults to 'info' |
+| logOutputPaths | list | `["stdout"]` | Log outputPaths - defaults to stdout only |
+| nameOverride | string | `""` | Overrides the chart's name. |
+| nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selectors to schedule the pod to nodes with labels. |
+| podAnnotations | object | `{}` | Additional annotations for the pod. |
+| podDisruptionBudget.maxUnavailable | int | `1` |  |
+| podDisruptionBudget.name | string | `"karpenter"` |  |
+| podLabels | object | `{}` | Additional labels for the pod. |
+| podSecurityContext | object | `{"fsGroup":65532}` | SecurityContext for the pod. |
+| postInstallHook.image.digest | string | `"sha256:13a2ad1bd37ce42ee2a6f1ab0d30595f42eb7fe4a90d6ec848550524104a1ed6"` | SHA256 digest of the post-install hook image. |
+| postInstallHook.image.repository | string | `"public.ecr.aws/bitnami/kubectl"` | Repository path to the post-install hook. This minimally needs to have `kubectl` installed |
+| postInstallHook.image.tag | string | `"1.30"` | Tag of the post-install hook image. |
+| priorityClassName | string | `"system-cluster-critical"` | PriorityClass name for the pod. |
+| replicas | int | `2` | Number of replicas. |
+| revisionHistoryLimit | int | `10` | The number of old ReplicaSets to retain to allow rollback. |
+| serviceAccount.annotations | object | `{}` | Additional annotations for the ServiceAccount. |
+| serviceAccount.create | bool | `true` | Specifies if a ServiceAccount should be created. |
+| serviceAccount.name | string | `""` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template. |
+| serviceMonitor.additionalLabels | object | `{}` | Additional labels for the ServiceMonitor. |
+| serviceMonitor.enabled | bool | `false` | Specifies whether a ServiceMonitor should be created. |
+| serviceMonitor.endpointConfig | object | `{}` | Configuration on `http-metrics` endpoint for the ServiceMonitor. Not to be used to add additional endpoints. See the Prometheus operator documentation for configurable fields https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint |
+| settings | object | `{"batchIdleDuration":"1s","batchMaxDuration":"10s","clusterCABundle":"","clusterEndpoint":"","clusterName":"","featureGates":{"spotToSpotConsolidation":false},"interruptionQueue":"","isolatedVPC":false,"reservedENIs":"0","vmMemoryOverheadPercent":0.075}` | Global Settings to configure Karpenter |
+| settings.batchIdleDuration | string | `"1s"` | The maximum amount of time with no new ending pods that if exceeded ends the current batching window. If pods arrive faster than this time, the batching window will be extended up to the maxDuration. If they arrive slower, the pods will be batched separately. |
+| settings.batchMaxDuration | string | `"10s"` | The maximum length of a batch window. The longer this is, the more pods we can consider for provisioning at one time which usually results in fewer but larger nodes. |
+| settings.clusterCABundle | string | `""` | Cluster CA bundle for TLS configuration of provisioned nodes. If not set, this is taken from the controller's TLS configuration for the API server. |
+| settings.clusterEndpoint | string | `""` | Cluster endpoint. If not set, will be discovered during startup (EKS only) |
+| settings.clusterName | string | `""` | Cluster name. |
+| settings.featureGates | object | `{"spotToSpotConsolidation":false}` | Feature Gate configuration values. Feature Gates will follow the same graduation process and requirements as feature gates in Kubernetes. More information here https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-gates-for-alpha-or-beta-features |
+| settings.featureGates.spotToSpotConsolidation | bool | `false` | spotToSpotConsolidation is ALPHA and is disabled by default. Setting this to true will enable spot replacement consolidation for both single and multi-node consolidation. |
+| settings.interruptionQueue | string | `""` | Interruption queue is the name of the SQS queue used for processing interruption events from EC2 Interruption handling is disabled if not specified. Enabling interruption handling may require additional permissions on the controller service account. Additional permissions are outlined in the docs. |
+| settings.isolatedVPC | bool | `false` | If true then assume we can't reach AWS services which don't have a VPC endpoint This also has the effect of disabling look-ups to the AWS pricing endpoint |
+| settings.reservedENIs | string | `"0"` | Reserved ENIs are not included in the calculations for max-pods or kube-reserved This is most often used in the VPC CNI custom networking setup https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html |
+| settings.vmMemoryOverheadPercent | float | `0.075` | The VM memory overhead as a percent that will be subtracted from the total memory for all instance types |
+| strategy | object | `{"rollingUpdate":{"maxUnavailable":1}}` | Strategy for updating the pod. |
+| terminationGracePeriodSeconds | string | `nil` | Override the default termination grace period for the pod. |
+| tolerations | list | `[{"key":"CriticalAddonsOnly","operator":"Exists"}]` | Tolerations to allow the pod to be scheduled to nodes with taints. |
+| topologySpreadConstraints | list | `[{"maxSkew":1,"topologyKey":"topology.kubernetes.io/zone","whenUnsatisfiable":"DoNotSchedule"}]` | Topology spread constraints to increase the controller resilience by distributing pods across the cluster zones. If an explicit label selector is not provided one will be created from the pod selector labels. |
+| webhook.enabled | bool | `true` | Whether to enable the webhooks and webhook permissions. |
+| webhook.metrics.port | int | `8001` | The container port to use for webhook metrics. |
+| webhook.port | int | `8443` | The container port to use for the webhook. |
+
+----------------------------------------------
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/).

packs/karpenter-1.0.5/charts/karpenter/README.md.gotmpl

@@ -0,0 +1,44 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+## Documentation
+
+For full Karpenter documentation please checkout [https://karpenter.sh](https://karpenter.sh/docs/).
+
+## Installing the Chart
+
+You can follow the detailed installation instruction in the [documentation](https://karpenter.sh/docs/getting-started/getting-started-with-karpenter) which covers the Karpenter prerequisites and installation options. The outcome of these instructions should result in something like the following command.
+
+```bash
+helm upgrade --install --namespace karpenter --create-namespace \
+  karpenter oci://public.ecr.aws/karpenter/{{ template "chart.name" . }} \
+  --version {{ template "chart.version" . }} \
+  --set "serviceAccount.annotations.eks\.amazonaws\.com/role-arn=${KARPENTER_IAM_ROLE_ARN}" \
+  --set settings.clusterName=${CLUSTER_NAME} \
+  --set settings.interruptionQueue=${CLUSTER_NAME} \
+  --wait
+```
+
+### Verification
+
+As the OCI Helm chart is signed by [Cosign](https://github.com/sigstore/cosign) as part of the release process you can verify the chart before installing it by running the following command.
+
+```shell
+cosign verify public.ecr.aws/karpenter/karpenter:{{ template "chart.version" . }} \
+  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
+  --certificate-identity-regexp='https://github\.com/aws/karpenter-provider-aws/\.github/workflows/release\.yaml@.+' \
+  --certificate-github-workflow-repository=aws/karpenter-provider-aws \
+  --certificate-github-workflow-name=Release \
+  --certificate-github-workflow-ref=refs/tags/v{{ template "chart.version" . }} \
+  --annotations version={{ template "chart.version" . }}
+```
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+----------------------------------------------
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs/).

packs/karpenter-1.0.5/charts/karpenter/artifacthub-repo.yaml

@@ -0,0 +1,7 @@
+repositoryID: 356cb63f-9ee3-4956-9c20-003e416715c7
+owners: []
+#   - name: awsadmin1
+#     email: [email protected]
+ignore:
+  - name: karpenter
+    version: (?:^\d+$)|(?:^v?0\.0\.0)|(?:^v?\d+\-)